Set up users and groups
Create the staff group with gid 123
$ /usr/sbin/groupadd -g 123 staff
Create a user (uid 1234, primary gid 123)
$ /usr/sbin/useradd -c "John Doe" -d /home/jdoe -u 1234 -s /bin/bash -g 123 jdoe
To see the useradd defaults:
$ useradd -D
Force user to change password upon login
$ passwd -e jdoe
# If passwd -e is not available, expire the password instead, which also forces a change at the next login:
$ chage -d0 jdoe
Add user to wheel group
# Enable sudo for the wheel group
$ visudo
# uncomment this line:
# %wheel ALL=(ALL) ALL
# Add the user to the wheel group (gid 10). Note that -G replaces the whole
# supplementary group list; use -aG to append if the account already belongs to other groups.
$ usermod -G10 jdoe
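The group, user, password-expiry and wheel steps above, as an added example (not code from the original post) written as an idempotent script. Names and ids are the page's (group staff/123, user jdoe/1234, admin group wheel). Additions over the page's commands: -m so useradd creates the home directory, chage -d 0 in place of passwd -e, and usermod -aG (append) so an existing supplementary group list is kept rather than replaced. It assumes shadow-utils and glibc's getent; with DRY_RUN=1 the privileged commands are printed instead of executed, so the script can be previewed as an unprivileged user.

```shell
#!/bin/sh
# Added example, not from the original post: the group and user steps as an
# idempotent script. Names and ids are the page's (group staff/123, user
# jdoe/1234, admin group wheel). Additions over the page's commands: -m so
# useradd creates the home directory, chage -d 0 in place of passwd -e, and
# usermod -aG (append) so an existing supplementary group list is kept rather
# than replaced. Assumes shadow-utils and glibc's getent. With DRY_RUN=1 the
# privileged commands are printed instead of run.

GROUP_NAME=staff;  GROUP_GID=123
LOGIN=jdoe;        LOGIN_UID=1234;  GECOS="John Doe"
ADMIN_GROUP=wheel                    # sudo rights come from the %wheel line in sudoers

run() {  # run CMD ARG... : execute, or print when DRY_RUN=1
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

is_uint() {  # is_uint STRING -> 0 when STRING is a non-negative integer
    case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

group_exists() { getent group  "$1" >/dev/null 2>&1; }
user_exists()  { getent passwd "$1" >/dev/null 2>&1; }

ensure_group() {  # ensure_group NAME GID
    is_uint "$2" || { echo "ensure_group: bad gid '$2'" >&2; return 1; }
    group_exists "$1" && return 0
    run /usr/sbin/groupadd -g "$2" "$1"
}

ensure_user() {  # ensure_user LOGIN UID GID "GECOS"
    is_uint "$2" || { echo "ensure_user: bad uid '$2'" >&2; return 1; }
    user_exists "$1" && return 0
    run /usr/sbin/useradd -m -c "$4" -d "/home/$1" -u "$2" -s /bin/bash -g "$3" "$1" || return 1
    run chage -d 0 "$1"      # last change = epoch: password must be changed at first login
}

grant_admin() {  # grant_admin LOGIN GROUP : append LOGIN to GROUP, keeping its other groups
    run usermod -aG "$2" "$1"
}

provision() {
    ensure_group "$GROUP_NAME" "$GROUP_GID" &&
    ensure_user "$LOGIN" "$LOGIN_UID" "$GROUP_GID" "$GECOS" &&
    grant_admin "$LOGIN" "$ADMIN_GROUP"
}

# PROVISION=1 DRY_RUN=1 sh provision.sh   previews; drop DRY_RUN and run as root to apply
if [ "${PROVISION:-0}" = 1 ]; then provision; fi
```

Each step checks for the object first, so re-running the script on a host that already has the group or user changes nothing; chage -d 0 is only issued when the account is actually created, so an existing user's password age is left alone.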
Set hosts.allow to allow ssh (port 22) for a specific network (e.g. 123.456.789.* with subnet mask 255.255.255.0) and hosts.deny to deny everything else.
$ cat /etc/hosts.allow
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 123.456.789.0/255.255.255.0

$ cat /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
ALL: ALL
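To check what a pair of hosts.allow/hosts.deny files actually does for a given client before relying on it, here is an added example (not code from the original post) that evaluates a daemon name and client address the way tcp_wrappers does: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. The two files in the script are constructed for the example; the page's 123.456.789.* is a placeholder and not a valid IPv4 address, so the RFC 5737 documentation ranges 192.0.2.0/24 and 203.0.113.0/24 stand in for it. One caveat: upstream OpenSSH dropped tcp_wrappers (libwrap) support in 6.7, so on a current system these files only govern sshd if the distribution re-adds that support; a host firewall rule or a Match Address block in sshd_config is the portable way to get the same restriction.

```shell
#!/bin/sh
# Added example, not from the original post: decide whether tcp_wrappers would
# let a client reach a daemon, given hosts.allow and hosts.deny text. Evaluation
# order is the real one: hosts.allow match -> allow, else hosts.deny match ->
# deny, else allow. Client patterns handled: ALL, an exact address, net/mask
# (dotted mask or prefix length) and a trailing-dot prefix such as "203.0.113.".
# EXCEPT, hostname patterns and the optional third (shell command) field are not
# handled. Both files are constructed; the networks are RFC 5737 ranges.

HOSTS_ALLOW='#
# constructed hosts.allow
#
sshd: 192.0.2.0/255.255.255.0
sshd: 203.0.113.'

HOSTS_DENY='#
# constructed hosts.deny
#
ALL: ALL'

is_all() { [ "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" = ALL ]; }   # ALL is case-insensitive

ip2int() {  # ip2int A.B.C.D -> the address as a 32-bit integer
    ip_ifs=$IFS; IFS=.
    set -- $1
    IFS=$ip_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

daemon_matches() {  # daemon_matches PATTERN NAME
    is_all "$1" || [ "$1" = "$2" ]
}

client_matches() {  # client_matches PATTERN IP
    is_all "$1" && return 0
    case $1 in
        *.)   case $2 in "$1"*) return 0 ;; esac; return 1 ;;     # "203.0.113." prefix
        */*)  net=${1%/*}; m=${1#*/}                               # net/mask or net/prefix
              case $m in
                  *.*) mask=$(ip2int "$m") ;;
                  *)   mask=$(( m == 0 ? 0 : (0xFFFFFFFF << (32 - m)) & 0xFFFFFFFF )) ;;
              esac
              [ $(( $(ip2int "$2") & mask )) -eq $(( $(ip2int "$net") & mask )) ] ;;
        *)    [ "$1" = "$2" ] ;;                                   # exact address
    esac
}

any_in_list() {  # any_in_list "a, b c" MATCHER ARG -> 0 when MATCHER ENTRY ARG succeeds for some entry
    list_ifs=$IFS; IFS=', '
    for entry in $1; do
        IFS=$list_ifs
        "$2" "$entry" "$3" && return 0
    done
    IFS=$list_ifs
    return 1
}

rules_match() {  # rules_match FILE_TEXT DAEMON IP -> 0 when some rule covers DAEMON from IP
    printf '%s\n' "$1" | {
        while IFS= read -r line; do
            rule=${line%%#*}                            # strip comments
            case $rule in *:*) ;; *) continue ;; esac   # need at least daemons : clients
            daemons=${rule%%:*}
            rest=${rule#*:}
            clients=${rest%%:*}                         # a third field (options) is ignored
            any_in_list "$daemons" daemon_matches "$2" &&
                any_in_list "$clients" client_matches "$3" && exit 0
        done
        exit 1
    }
}

access_decision() {  # access_decision DAEMON IP -> prints allow or deny
    if rules_match "$HOSTS_ALLOW" "$1" "$2"; then echo allow
    elif rules_match "$HOSTS_DENY" "$1" "$2"; then echo deny
    else echo allow
    fi
}

access_decision sshd 192.0.2.10     # allow: hosts.allow net/mask rule
access_decision sshd 198.51.100.7   # deny: falls through to ALL: ALL
access_decision ftpd 192.0.2.10     # deny: the allow rules only name sshd
```

The last case is the one worth noticing: with ALL: ALL in hosts.deny, every wrapped service that is not explicitly listed in hosts.allow is cut off, not just ssh, so any other tcp_wrappers-aware daemon on the host needs its own allow line.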
Disallow root login via ssh by uncommenting the following line in sshd_config (so that it reads PermitRootLogin no) and restarting sshd.
$ vi /etc/ssh/sshd_config
#PermitRootLogin no
$ /etc/init.d/sshd restart
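Editing the file is only half of the check; what matters is the value sshd ends up using. The following added example (not code from the original post) reports the effective PermitRootLogin for a given sshd_config text, applying the rules sshd uses when reading it: whole-line comments are ignored, the first value seen for a keyword wins, Keyword=value is accepted, and everything after the first Match line is conditional. When the keyword is absent the default is prohibit-password (OpenSSH 7.0 and later). The config texts are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: report the PermitRootLogin value
# sshd would use for a given sshd_config text. sshd keeps the first value it
# reads for a keyword, ignores whole-line comments, accepts "Keyword=value", and
# treats everything after the first Match line as conditional. A Match block can
# still re-enable root login for the addresses or users it names; this check
# reports only the global setting. Default when absent: prohibit-password
# (OpenSSH 7.0+). The configs below are constructed.

sshd_effective() {  # sshd_effective KEYWORD CONFIG_TEXT -> first global value, or nothing
    printf '%s\n' "$2" | awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }         # comment or blank line
        { sub(/=/, " ") }                      # accept Keyword=value; awk re-splits fields
        tolower($1) == "match" { exit }        # end of the global section
        tolower($1) == key { print $2; exit }  # first occurrence wins
    '
}

permit_root_login() {  # permit_root_login CONFIG_TEXT -> effective PermitRootLogin value
    v=$(sshd_effective PermitRootLogin "$1")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'prohibit-password\n'; fi
}

root_login_disabled() {  # root_login_disabled CONFIG_TEXT -> 0 only when the value is "no"
    [ "$(permit_root_login "$1")" = no ]
}

CFG_STOCK='# commented-out line, as shipped: still the default
#PermitRootLogin prohibit-password
Port 22'

CFG_HARDENED='Port 22
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes'

CFG_FIRST_WINS='PermitRootLogin yes
PermitRootLogin no'

CFG_EQUALS='PermitRootLogin=no'

for cfg in "$CFG_STOCK" "$CFG_HARDENED" "$CFG_FIRST_WINS" "$CFG_EQUALS"; do
    if root_login_disabled "$cfg"; then echo "ok:   PermitRootLogin no"
    else echo "warn: PermitRootLogin $(permit_root_login "$cfg")"; fi
done
```

The CFG_FIRST_WINS case is the trap the page's edit can fall into: appending PermitRootLogin no at the end of a file that already has an uncommented PermitRootLogin yes higher up changes nothing. On a live host, `sshd -T` prints the configuration sshd has actually parsed, which is the authoritative place to confirm the value after the restart.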